author Andrew Kozlik <andrew.kozlik@satoshilabs.com> 2018-09-26 14:12:40 +0200
committer bitcoindev <bitcoindev@gnusha.org> 2018-09-26 12:12:46 +0000
commit bb3078fe7500cefea998bb8bc9b2337c9182d67b
tree 817c4a3ee66363f56e76c3877f329c7e7162803b
parent bbfbbc524240f5428115d65e29272f0387986416
Re: [bitcoin-dev] SLIP-0039: Shamir's Secret-Sharing for Mnemonic Codes
-rw-r--r-- 52/58b34c3ae8760e884ee415c1e62d4537b2254d 606
1 files changed, 606 insertions, 0 deletions
diff --git a/52/58b34c3ae8760e884ee415c1e62d4537b2254d b/52/58b34c3ae8760e884ee415c1e62d4537b2254d
new file mode 100644
index 000000000..af3a1d250
--- /dev/null
+++ b/52/58b34c3ae8760e884ee415c1e62d4537b2254d
@@ -0,0 +1,606 @@
+Return-Path: <andrew.kozlik@satoshilabs.com>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id 2A441FF4
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Sep 2018 12:12:46 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com
+ [209.85.221.53])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 989EC27B
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Sep 2018 12:12:44 +0000 (UTC)
+Received: by mail-wr1-f53.google.com with SMTP id v16-v6so26763195wro.11
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Sep 2018 05:12:44 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=satoshilabs.com; s=google;
+ h=subject:to:references:from:openpgp:autocrypt:message-id:date
+ :user-agent:mime-version:in-reply-to:content-language;
+ bh=4yefBnRxm8By0lXGRy/EZodjK/oTKi3k4Wk8hC6CiYo=;
+ b=ANk2CEIgYjuk8sEuIsLJywlw2wAqWCa85h3mNS5M8oN5jkM4U6fKKI+JREpjVvZK1b
+ qBw8TMZr1hZuoToViSBVxHfELvhFiFnEcyfvO1zVPG9qB/zOtru90uA/9CQ8s6S8e7tN
+ emZWe+pNScSCapKhPt0NPmtuingCgVF6JWiaLHdzaCiB7cmM2kOsKU1lDSSkLyZvlv4L
+ rCWEjsbqPrUFUxyE1pzD+w8XBKZ3W2dF9jJDXZ33q2VKeh9OdOjNimEumKoLVx40dz/j
+ sOVIZ3Jw3N1IguEny3w0WfmMyusNceg9NMq2qEOs51q+OXw8/oGQ5YoBRC0BLwzjIMWq
+ GcUg==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt
+ :message-id:date:user-agent:mime-version:in-reply-to
+ :content-language;
+ bh=4yefBnRxm8By0lXGRy/EZodjK/oTKi3k4Wk8hC6CiYo=;
+ b=jYbw/tnkfgIIy4Wwh1Iy4pjEg7u2xceAMrhQsrcUUuSmj0oG22Jf6+1ARSeRHVGcXV
+ 5Th8WfLf39eQF/IdcOqtoR6O5EmBf9BB2DXOYJDOUCdut80OSyRmwjYGQ3MHWsbsDdLh
+ JM8J7afpsz+DPCaEbkzdzVV/Pr5u7V5CNm6R3Gvh9G+Zru4Zrn6F8sgr7oVw3qyl2+Yk
+ TmUOLpBF0WonS3NvDuVRD1gUcjemgv6BTbm3ndW7K0LrUfHoFCgP4r7mIlEdjfcMFpcd
+ II1644dPDCV1ZEo040jrW3UNCkJ6Ks3g7KtshSJOD+GV5PI3MQ1xsZTJQKgmNoyl1gM6
+ ZD0w==
+X-Gm-Message-State: ABuFfoidTs8Hx5HZ+1bxo9qV3pjdOs9N/lhZwKCmnZZngXVf0gP/VhGj
+ Dsn3eK0Qi08eZr9lhJNzupdjskkjhI0=
+X-Google-Smtp-Source: ACcGV62ZRe5TQzkaC612l0OAhAgE/bKBvM48UN4+O4sjFv90FJPFUmflBUQyvVw2zn3N4sTdSVvuow==
+X-Received: by 2002:adf:8523:: with SMTP id 32-v6mr4587626wrh.72.1537963962643;
+ Wed, 26 Sep 2018 05:12:42 -0700 (PDT)
+Received: from [192.168.255.205] ([88.208.115.69])
+ by smtp.gmail.com with ESMTPSA id
+ h17-v6sm6358322wrq.73.2018.09.26.05.12.41
+ (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
+ Wed, 26 Sep 2018 05:12:42 -0700 (PDT)
+To: Christopher Allen <ChristopherA@lifewithalacrity.com>,
+ Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+References: <4e2c7b41-1e16-b89a-04d8-776f3469141a@satoshilabs.com>
+ <CACrqygCoqFMFLTpn5PSMR2_wSHnWsXSyZZ_jhk-FbvZHwwz4nA@mail.gmail.com>
+From: Andrew Kozlik <andrew.kozlik@satoshilabs.com>
+Openpgp: preference=signencrypt
+Autocrypt: addr=andrew.kozlik@satoshilabs.com; keydata=
+ xsFNBFt62C4BEAC+pOtoQthf9I0vZIfVPbebk/1i1Znw0AmbqZr36fqfdGcCdZ2gDJDLjisd
+ QZVsHbZ4WAlFL5AKH2YJlwBrjxN+gTh0W231QTWUNGqOR2v61gBo3tBhxmr+9yP/iNuQpLCn
+ E+P1hN6si9IkaxbqCVW6eUiexKsY4gK8RR6UgqJ73h/Y5p57NVpbuYvrKpFp17qEfKO0ToNC
+ kSQzLZsOFRGZzbIp5dipPWDR04TbvliPR+Gn0HBnGC9wvfqFSlJiHxqB8GSCyviGXiGCOwAs
+ SDEfr2yybxR/hnCURDm9jWX7Rv+1MSJzlRikQ/NFoLsH2FFRG5RPbRLGHBEeRioP5FcCtCsq
+ rAvICud4Hvqm9FjjsIDL8YpKsRsC6VdphPVV2vggeDulMtl9jlZb38vMrQMyT5NnQr04oPmI
+ DdD5puYcs1eoYhryOf4g6dEj/Zyndg9wXTQC6nXSTIFPEMNVv4aUwMr1z/pPW3f7zokIRc0a
+ h/Kxn9kUe9UB5ASgH7UoKD13pPmf6XSEpwUVXGp97s7JmlaheN45a3odM9y3rn8doSdLacB2
+ dRKSBWaebYEnMitHpiBVdTCVYkbq35bblGYC/RURaGUBA/aGWv0ozPYq+7uJY4VJ1nz/T9fu
+ g8Mes1Z03YAOoHP9uDZDa8Ops/9N7ygUzCqL/LWeQC5I6YdoyQARAQABzS1BbmRyZXcgS296
+ bGlrIDxhbmRyZXcua296bGlrQHNhdG9zaGlsYWJzLmNvbT7CwX0EEwEIACcFAlt62C4CGyMF
+ CQlmAYAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQUemaa1Zc2aTb9w/+MFYbXAbpYOVG
+ 3m3kLtPnWVpMXOIWVoK1r4j5/J8L2oBjf6JD/br55ZU6VaE5RYwuAW9NfU6OqP0NVTARGXpH
+ sf3p4mZ7W7FtwdkBm36//R9DN76eQXfu1GoyYjLTbF7KqbqQjckNVYNMx4kIIShID7nMasN7
+ Vt/zhB0jc8Ay5T5/5YynNqR0WQAw6dF979xHrKXuAvuJ0bSVU+tUaDm07jp09tB5nM2dUQGn
+ vUh0D6aZYVhW+hO0tfWvY/RSwHP9+TdT0VH8sd8mFUM4TIT7fbdk4Ceq2oCy3/VusDQWQljQ
+ AHXQ7mEJWeRX0XSACTU/337igFbW45AvJAy0bPL4wz8Jfm8x0W0f3x/U78yQIYsTFJIAba4U
+ RKONJ0AxVGPIRy4jH1sddkP1xEgS4m3QjQGnlsjmjHcCX4gMlQLowJz5JQ4x/CnnGd8Aiki8
+ n4rrov0VDEwPQUdVSWHB9cIagAPfS7p6j7hVc51DyxMFwb7fkBcuEhwTd90TAo843igGVYbv
+ 4xnvaUgGvvjZZcOjbfHwzUmhvCtJYW9GQjFfGcTmYHBaRvIQeNYLrrsGtpUj83qaUgwe1GAl
+ u0RXB+YXUKM55MbvHBq0yABRku+AbGlqGzfm46giaFlqTxji3qjP/M44hOgbOqmDemfc9BDx
+ iATyQgGry8TFZeAOGqXRd+7OwU0EW3rYLgEQAMpVn2xMtJuaH7fU9STafUCbSwzP3CS4wseD
+ ijEeo/Pce46cqMNYx4u0AQBxwtIReDe9KSUugVUDkywsXIweZytY+RXYwV12bcxmStP06+LH
+ 79UKDFN2DqsJRg5KzG91+fPIX4XnEpdufKy2EF6Isio8wlwfLCtJgrcXLLlSUXmavv+QNqU7
+ /HLT5gsSaIPUns8t+miZ2lHxMjKDJCbuWdWZymhZXc5e0sGkLVo0mq1CzjObyDuYyvXhAJZa
+ jDFsMY9dF8iA5bIGmhAQmfEgQSxe6za60i/M92TNHKENb2x1rqXXr0ctjNd73TKPkOIVYPPx
+ 0IBJiltC7BRExE7FSNc70JJxg3amJHlPPVtz/MkkiW8mLbJrcTTV1Zrq4U8Dm8ErNjA6L5Fc
+ S6p/Z4F1ZlQFDdao5V24jGti2tpGbP7zQqkcieeoSh7luK8a5AfQy+Im2C4BgrHseCqpd8Ik
+ Vfwmiy90nGtgScqn52fr18rWE3zfx5Uu7IbRPxLNL6VBfCeI+w2HkY0LTp3/iYvBZU6Dt12s
+ Z2XYrwYuuf+Pf6CAuITyXjIEdaKPuYYrkxG5U5EFeefwhpQgmT2BH+Jgp9+4fuu6W8wQMYbt
+ 7yXtm/Z1KI2tzZ/x006shhzG0b5hiJu5wf+vJxaREv3cnkPjGGXmLLMXerlXzPJys5hJ0lhx
+ ABEBAAHCwWUEGAEIAA8FAlt62C4CGwwFCQlmAYAACgkQUemaa1Zc2aTPZxAAop/Zj3xA6f9M
+ sl9hTAYdodSwXtXr1xdtRkciO0CitqSvBLB7xeohfHxfUa06aXyBNMA0jwIMIn4yjOD7jNOy
+ 9cj5Alql644Dt0/fRVniSnV+b2ebfnbywa6jBIIR/FPq4nJaJ0AgzwJm/0OR7+1LOCONA72w
+ tUCAvGyhM2c4yPYjULCKYPUlQPy5fKpGBggP3cbPZLH1gmEL61Ph27rejnW2XC1EL3J/BPcL
+ ixKXk8po/x94qkV6f506isszuRmJBnAXzYa6lXNjpDySfXhrlspY1OJlR0CK+4D3nJiaePYt
+ lh3LoJbqsuK/ERfiV8vsJRV/SENtjqTrd9tbb8Ab+3v6ilCYJ6mXUMOy0Jc1rGcOSGyH6JVz
+ WHDzk/AvZbP9Uai/hDIskLFq5i/6fQY+uaKHKFrc9S2rQ8g1deKWqVZEGyUYA5ICkTUpHgJT
+ IwZzFZyKmFzmI1f3gLh9hHKKLHrq/zv6myXCko6Tn2PyeNXyekmqKk4M61J7v9SJc0H2iVuR
+ 0yVdBihwBDm18cA+a2T4u6NtQVtI4eIfA79aBF0IIJ/VbKxgFOjQmWWL1ej5BAdwA752f6rr
+ rpSashtUuLDAcUnS6PKZK3qZltDAJeOhK+B2ejX7GPAVf5UYT1JB9pn9urN+C5v9aDPjyRrU
+ ADdTkt305KgIVcafMVR1Brg=
+Message-ID: <5c36fdb3-304f-ce43-d41a-0c1d66c7cc41@satoshilabs.com>
+Date: Wed, 26 Sep 2018 14:12:40 +0200
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
+ Thunderbird/52.9.1
+MIME-Version: 1.0
+In-Reply-To: <CACrqygCoqFMFLTpn5PSMR2_wSHnWsXSyZZ_jhk-FbvZHwwz4nA@mail.gmail.com>
+Content-Type: multipart/alternative;
+ boundary="------------CEAF1CC0E5C4570D928071F1"
+Content-Language: en-US
+X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
+ RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Wed, 26 Sep 2018 12:19:24 +0000
+Subject: Re: [bitcoin-dev] SLIP-0039: Shamir's Secret-Sharing for Mnemonic
+ Codes
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Wed, 26 Sep 2018 12:12:46 -0000
+
+This is a multi-part message in MIME format.
+--------------CEAF1CC0E5C4570D928071F1
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+Thanks for your input Christopher. Since we already have the discussion
+about your comments running under the issues in the SLIPs repo on Github
+(https://github.com/satoshilabs/slips/issues), let's continue it there.
+
+Andrew Kozlik
+
+
+On 21.9.2018 21:29, Christopher Allen wrote:
+> On Fri, Sep 21, 2018 at 11:18 AM Andrew Kozlik via bitcoin-dev
+> <bitcoin-dev@lists.linuxfoundation.org
+> <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
+>
+> We are currently writing a new specification for splitting BIP-32
+> master
+> seeds into multiple mnemonics using Shamir's secret sharing scheme.=
+ We
+> would be interested in getting your feedback with regard to the
+> high-level design of the new spec:
+> https://github.com/satoshilabs/slips/blob/master/slip-0039.md
+> Please focus your attention on the section entitled "Master secret
+> derivation functions", which proposes several different solutions.
+> Note
+> that there is a Design Rationale section at the very end of the
+> document, which should answer some of the questions you may have. T=
+he
+> document is a work in progress and we are aware that some technical=
+
+> details have not been fully specified. These will be completed
+> once the
+> high level design has been settled.
+>
+>
+> I and a number of companies & communities I am involved with are very
+> interested in this.=C2=A0
+>
+> A challenge is that Shamir Secret Sharing has subtleties. To quote
+> Greg Maxwell:
+>
+> > I think Shamir Secret Sharing (and a number of other things, RNGs
+> for example), suffer from a property where they are just complex
+> enough that people are excited to implement them often for little good
+> reason, and then they are complex enough (or have few enough reasons
+> to invest significant time) they implement them poorly=E2=80=9D.
+>
+> Some questions for you:
+>
+> * What other teams or communities besides Trezor are committed to
+> standardizing a Shamir Secret Sharing Scheme? I can say that the
+> #RebootingWebOfTrust community (meeting again for the 7th time next
+> week in Toronto https://rwot7.eventbrite.com) are very interested.
+>
+> * Where do you want to hold discussions on this? Do people object to
+> having this discussion on this mailing list? Or should it be=C2=A0issue=
+s in
+> SLIPS repo or on some other mailing list?=C2=A0
+>
+> * Presuming a successful split of secrets, I don=E2=80=99t know all the=
+
+> adversarial problems that are associated with recovery of a SSS. As
+> this would be an interactive event, I presume an attacker can DOS a
+> request to reassemble keys (so maybe some the of integrity of each
+> share vs all is required). And of course there are the biggest
+> problems: =C2=A0impersonation of a reassembly request and a MitM of a
+> reassembly request. Are there other attacks? Are you trying to
+> mitigate any of these?
+>
+> Two comments:
+>
+> * The Lightning Network community has added to their BIP32 mnemonics
+> the ability to have a birthday in the seed, to make it easier =C2=A0to =
+scan
+> the blockchain for keys, as well as a byte with some way to know how
+> to derive keys paths for it. I don=E2=80=99t seee a BOLT for this (it w=
+as
+> mentioned
+> in=C2=A0https://bitcoin.stackexchange.com/questions/74805/what-is-birth=
+day-in-the-context-of-bip39-lightning-seed-generation)
+> =C2=A0I would suggest that you also get some of their latest thoughts a=
+nd
+> incorporate them.
+>
+> * I worked with Chris Vickery while at Blockstrham on various possible
+> ways to improve mnemonic word lists. I=E2=80=99m not suggesting that yo=
+u
+> necessarily go as far as we did to try to create a mnemonic that is
+> iambic pentameter poetry (inspired by
+> https://www.isi.edu/natural-language/mt/memorize-random-60.pdf),
+> however, we did find sources for words that are concrete (for example
+> table is more concrete than truth
+> http://crr.ugent.be/papers/Brysbaert_Warriner_Kuperman_BRM_Concreteness=
+_ratings.pdf
+> ) or have strong emotional valence attachment (truth is more emotional
+> than table), both of which make can words more memorable. I also found
+> lists of words that are hard to pronounce unless you are English
+> native, and eliminated them from my own list.=C2=A0
+>
+> Among the results of this was a new BIP-39 2048 word compatible word
+> list filtered for memorability (concreteness & emotional valence) and
+> suitability for iambic pentameter, which is located:
+>
+> =C2=A0 =C2=A0
+> https://github.com/ChristopherA/iambic-mnemonic/blob/master/word-lists/=
+iambic-wordlist.json=C2=A0
+>
+> =E2=80=A6which was created from the repo at
+>
+> =C2=A0 =C2=A0 https://github.com/ChristopherA/password_poem
+>
+> You can a number of other word lists that I=E2=80=99ve collected here
+> https://github.com/ChristopherA/iambic-mnemonic/blob/master/word-lists/=
+
+>
+> If you want to replicate what we did with your own criteria, you may
+> want to incorporate information from the CMU
+> dictitionary=C2=A0http://www.speech.cs.cmu.edu/cgi-bin/cmudict, the top=
+
+> 5000
+> words=C2=A0https://github.com/ChristopherA/password_poem/blob/master/to=
+p5000.json,
+> =C2=A0concrete word lists
+> http://crr.ugent.be/papers/Concreteness_ratings_Brysbaert_et_al_BRM.txt=
+
+> and emotional words =C2=A0(valence)=C2=A0http://crr.ugent.be/archives/1=
+003
+>
+> =E2=80=94 Christopher Allen
+>
+>
+>
+>
+>
+>
+>
+
+
+--------------CEAF1CC0E5C4570D928071F1
+Content-Type: text/html; charset=utf-8
+Content-Transfer-Encoding: 8bit
+
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ </head>
+ <body text="#000000" bgcolor="#FFFFFF">
+ <p>Thanks for your input Christopher. Since we already have the
+ discussion about your comments running under the issues in the
+ SLIPs repo on Github
+ (<a class="moz-txt-link-freetext" href="https://github.com/satoshilabs/slips/issues">https://github.com/satoshilabs/slips/issues</a>), let's continue it
+ there.</p>
+ <p>Andrew Kozlik<br>
+ </p>
+ <br>
+ <div class="moz-cite-prefix">On 21.9.2018 21:29, Christopher Allen
+ wrote:<br>
+ </div>
+ <blockquote type="cite"
+cite="mid:CACrqygCoqFMFLTpn5PSMR2_wSHnWsXSyZZ_jhk-FbvZHwwz4nA@mail.gmail.com">
+ <meta http-equiv="content-type" content="text/html; charset=utf-8">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">
+ <div dir="ltr">On Fri, Sep 21,
+ 2018 at 11:18 AM Andrew
+ Kozlik via bitcoin-dev &lt;<a
+href="mailto:bitcoin-dev@lists.linuxfoundation.org"
+ moz-do-not-send="true">bitcoin-dev@lists.linuxfoundation.org</a>&gt;
+ wrote:<br>
+ <div class="gmail_quote">
+ <blockquote
+ class="gmail_quote"
+ style="margin:0px 0px
+ 0px
+0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">We
+ are currently writing a
+ new specification for
+ splitting BIP-32 master<br>
+ seeds into multiple
+ mnemonics using Shamir's
+ secret sharing scheme.
+ We<br>
+ would be interested in
+ getting your feedback
+ with regard to the<br>
+ high-level design of the
+ new spec:<br>
+ <a
+ href="https://github.com/satoshilabs/slips/blob/master/slip-0039.md"
+ rel="noreferrer"
+ target="_blank"
+ moz-do-not-send="true">https://github.com/satoshilabs/slips/blob/master/slip-0039.md</a><br>
+ Please focus your
+ attention on the section
+ entitled "Master secret<br>
+ derivation functions",
+ which proposes several
+ different solutions.
+ Note<br>
+ that there is a Design
+ Rationale section at the
+ very end of the<br>
+ document, which should
+ answer some of the
+ questions you may have.
+ The<br>
+ document is a work in
+ progress and we are
+ aware that some
+ technical<br>
+ details have not been
+ fully specified. These
+ will be completed once
+ the<br>
+ high level design has
+ been settled.<br>
+ </blockquote>
+ <div><br>
+ </div>
+ <div>I and a number of
+ companies &amp;
+ communities I am
+ involved with are very
+ interested in this. </div>
+ <div><br>
+ </div>
+ <div>A challenge is that
+ Shamir Secret Sharing
+ has subtleties. To quote
+ Greg Maxwell:</div>
+ <div><br>
+ </div>
+ <div>&gt; I think Shamir
+ Secret Sharing (and a
+ number of other things,
+ RNGs for example),
+ suffer from a property
+ where they are just
+ complex enough that
+ people are excited to
+ implement them often for
+ little good reason, and
+ then they are complex
+ enough (or have few
+ enough reasons to invest
+ significant time) they
+ implement them poorly”.</div>
+ <div><br>
+ </div>
+ <div>Some questions for
+ you:</div>
+ <div><br>
+ </div>
+ <div>
+ <div>* What other teams
+ or communities besides
+ Trezor are committed
+ to standardizing a
+ Shamir Secret Sharing
+ Scheme? I can say that
+ the
+ #RebootingWebOfTrust
+ community (meeting
+ again for the 7th time
+ next week in Toronto <a
+href="https://rwot7.eventbrite.com" moz-do-not-send="true">https://rwot7.eventbrite.com</a>)
+ are very interested.</div>
+ <div><br>
+ </div>
+ </div>
+ <div>* Where do you want
+ to hold discussions on
+ this? Do people object
+ to having this
+ discussion on this
+ mailing list? Or should
+ it be issues in SLIPS
+ repo or on some other
+ mailing list? </div>
+ <div><br>
+ </div>
+ <div>* Presuming a
+ successful split of
+ secrets, I don’t know
+ all the adversarial
+ problems that are
+ associated with recovery
+ of a SSS. As this would
+ be an interactive event,
+ I presume an attacker
+ can DOS a request to
+ reassemble keys (so
+ maybe some the of
+ integrity of each share
+ vs all is required). And
+ of course there are the
+ biggest problems:
+  impersonation of a
+ reassembly request and a
+ MitM of a reassembly
+ request. Are there other
+ attacks? Are you trying
+ to mitigate any of
+ these?<br>
+ </div>
+ <div><br>
+ </div>
+ <div>Two comments:</div>
+ <div><br>
+ </div>
+ <div>* The Lightning
+ Network community has
+ added to their BIP32
+ mnemonics the ability to
+ have a birthday in the
+ seed, to make it easier
+  to scan the blockchain
+ for keys, as well as a
+ byte with some way to
+ know how to derive keys
+ paths for it. I don’t
+ seee a BOLT for this (it
+ was mentioned in <a
+href="https://bitcoin.stackexchange.com/questions/74805/what-is-birthday-in-the-context-of-bip39-lightning-seed-generation"
+ moz-do-not-send="true">https://bitcoin.stackexchange.com/questions/74805/what-is-birthday-in-the-context-of-bip39-lightning-seed-generation</a>)
+  I would suggest that
+ you also get some of
+ their latest thoughts
+ and incorporate them.</div>
+ <div><br>
+ </div>
+ <div>* I worked with Chris
+ Vickery while at
+ Blockstrham on various
+ possible ways to improve
+ mnemonic word lists. I’m
+ not suggesting that you
+ necessarily go as far as
+ we did to try to create
+ a mnemonic that is
+ iambic pentameter poetry
+ (inspired by <a
+ href="https://www.isi.edu/natural-language/mt/memorize-random-60.pdf"
+ moz-do-not-send="true">https://www.isi.edu/natural-language/mt/memorize-random-60.pdf</a>),
+ however, we did find
+ sources for words that
+ are concrete (for
+ example table is more
+ concrete than truth <a
+href="http://crr.ugent.be/papers/Brysbaert_Warriner_Kuperman_BRM_Concreteness_ratings.pdf"
+ moz-do-not-send="true">http://crr.ugent.be/papers/Brysbaert_Warriner_Kuperman_BRM_Concreteness_ratings.pdf</a>
+ ) or have strong
+ emotional valence
+ attachment (truth is
+ more emotional than
+ table), both of which
+ make can words more
+ memorable. I also found
+ lists of words that are
+ hard to pronounce unless
+ you are English native,
+ and eliminated them from
+ my own list. </div>
+ <div><br>
+ </div>
+ <div>Among the results of
+ this was a new BIP-39
+ 2048 word compatible
+ word list filtered for
+ memorability
+ (concreteness &amp;
+ emotional valence) and
+ suitability for iambic
+ pentameter, which is
+ located:</div>
+ <div><br>
+ </div>
+ <div>    <a
+href="https://github.com/ChristopherA/iambic-mnemonic/blob/master/word-lists/iambic-wordlist.json"
+ moz-do-not-send="true">https://github.com/ChristopherA/iambic-mnemonic/blob/master/word-lists/iambic-wordlist.json</a> </div>
+ <div><br>
+ </div>
+ <div>…which was created
+ from the repo at</div>
+ <div><br>
+     <a
+ href="https://github.com/ChristopherA/password_poem"
+ moz-do-not-send="true">https://github.com/ChristopherA/password_poem</a><br>
+ </div>
+ <div><br>
+ </div>
+ <div>You can a number of
+ other word lists that
+ I’ve collected here <a
+href="https://github.com/ChristopherA/iambic-mnemonic/blob/master/word-lists/"
+ moz-do-not-send="true">https://github.com/ChristopherA/iambic-mnemonic/blob/master/word-lists/</a></div>
+ <div><br>
+ </div>
+ <div>If you want to
+ replicate what we did
+ with your own criteria,
+ you may want to
+ incorporate information
+ from the CMU
+ dictitionary <a
+ href="http://www.speech.cs.cmu.edu/cgi-bin/cmudict"
+ moz-do-not-send="true">http://www.speech.cs.cmu.edu/cgi-bin/cmudict</a>,
+ the top 5000 words <a
+href="https://github.com/ChristopherA/password_poem/blob/master/top5000.json"
+ moz-do-not-send="true">https://github.com/ChristopherA/password_poem/blob/master/top5000.json</a>,
+  concrete word lists <a
+href="http://crr.ugent.be/papers/Concreteness_ratings_Brysbaert_et_al_BRM.txt"
+ moz-do-not-send="true">http://crr.ugent.be/papers/Concreteness_ratings_Brysbaert_et_al_BRM.txt</a>
+ and emotional words
+  (valence) <a
+ href="http://crr.ugent.be/archives/1003"
+ moz-do-not-send="true">http://crr.ugent.be/archives/1003</a></div>
+ <div><br>
+ </div>
+ <div>— Christopher Allen</div>
+ <div><br>
+ </div>
+ <div><br>
+ </div>
+ <div><br>
+ </div>
+ <div><br>
+ </div>
+ <div><br>
+ </div>
+ <div><br>
+ </div>
+ <div><br>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </blockquote>
+ <br>
+ </body>
+</html>
+
+--------------CEAF1CC0E5C4570D928071F1--
+
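Review bot: The text/plain part is stored with Content-Transfer-Encoding: quoted-printable, so in the raw file the soft line breaks (a trailing "=") split words and URLs across lines, for example "T=" / "he" in the quoted text and the iambic-wordlist.json link, and non-ASCII characters appear as escapes such as =C2=A0 and =E2=80=99. Anything that indexes this file or extracts links from it should MIME-decode the text/plain part first rather than read the raw lines, and can skip the text/html alternative, which repeats the same message and quoted reply.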